VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-hmkq-2p3p-aaac

Essentials
Severities (107)
References (42)
Severity details (27)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-hmkq-2p3p-aaac
Aliases	CVE-2023-30589 GHSA-cggh-pq45-6h9x
Summary	The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00249	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00249	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00249	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00260	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00260	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00260	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00260	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0084	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0084	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0084	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00863	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00863	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.00863	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.0131	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01346	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01422	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01422	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01422	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01422	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.01422	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.09462	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
epss	0.55752	https://api.first.org/data/v1/epss?cve=CVE-2023-30589
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-cggh-pq45-6h9x
cvssv3.1	7.5	https://github.com/nodejs/llhttp
generic_textual	HIGH	https://github.com/nodejs/llhttp
cvssv3.1	7.5	https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1
generic_textual	HIGH	https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1
cvssv3.1	5.3	https://hackerone.com/reports/2001873
generic_textual	MODERATE	https://hackerone.com/reports/2001873
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-30589
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-30589
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230803-0009
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20230803-0009
cvssv3.1	6.5	https://security.netapp.com/advisory/ntap-20240621-0006
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20240621-0006

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-30589
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/nodejs/llhttp
		https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1
		https://hackerone.com/reports/2001873
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/
		https://security.netapp.com/advisory/ntap-20230803-0009
		https://security.netapp.com/advisory/ntap-20230803-0009/
		https://security.netapp.com/advisory/ntap-20240621-0006
		https://security.netapp.com/advisory/ntap-20240621-0006/
2219841		https://bugzilla.redhat.com/show_bug.cgi?id=2219841
977716		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977716
cpe:2.3:a:nodejs:node.js:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
cpe:2.3:a:nodejs:node.js:16.0.0::::-:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:16.0.0::::-:::
cpe:2.3:a:nodejs:node.js:18.0.0::::-:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:18.0.0::::-:::
cpe:2.3:a:nodejs:node.js:20.0.0::::-:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:20.0.0::::-:::
cpe:2.3:a:nodejs:node.js:20.2.0::::-:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:20.2.0::::-:::
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
CVE-2023-30589		https://nvd.nist.gov/vuln/detail/CVE-2023-30589
GHSA-cggh-pq45-6h9x		https://github.com/advisories/GHSA-cggh-pq45-6h9x
GLSA-202405-29		https://security.gentoo.org/glsa/202405-29
RHSA-2023:4330		https://access.redhat.com/errata/RHSA-2023:4330
RHSA-2023:4331		https://access.redhat.com/errata/RHSA-2023:4331
RHSA-2023:4536		https://access.redhat.com/errata/RHSA-2023:4536
RHSA-2023:4537		https://access.redhat.com/errata/RHSA-2023:4537
RHSA-2023:5361		https://access.redhat.com/errata/RHSA-2023:5361
RHSA-2023:5533		https://access.redhat.com/errata/RHSA-2023:5533
USN-6735-1		https://usn.ubuntu.com/6735-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/nodejs/llhttp

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://hackerone.com/reports/2001873

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-30589

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-30589

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20230803-0009

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20240621-0006

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.59283
EPSS Score	0.00209
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.